MD5 Hashing Given a Key in C#

Question

I've been looking for a way to hash a given string in C# that uses a predetermined key.

On my adventures through the internet trying to find an example i have seen lots of MD5CryptoServiceProvider examples which seem to use a default key for the machine, but none of them that apply a specific key. I need to have a specific key to encode data as to synchronize it to someone else's server. I hand them a hashed string and an ID number and they use that analyze the data and return a similar set to me. So is there anyway to get md5 to hash via a specific key that would be consistent to both.

I would prefer this to be done in C#, but if its not possible with the libraries can you do so with some web languages like php or asp?

Edit: Misunderstood the scenario I was thrown into and after a little sitting and thinking about why they would have me use a key it appears they want a key appended to the end of the string and hashed. That way the server can appended the key it has along with the data passed to ensure its a valid accessing computer. Anyways... thanks all ^_^

Edit2: As my comment below says, it was the term 'salting' I was oblivious to. Oh the joys of getting thrown into something new with no directions.

Answer 1

MD5 is not encryption - it's a hash. It doesn't allow a string to be decrypted.

You're looking for a symmetric encryption algorithm. It uses the same key to encrypt and decrypt. Trying to use encryption functions without understanding them is dangerous . Even if you think you understand them, you can make a mistake.

If you're transferring data to another person's server, you may be better off using something like gpg to encrypt the file using a symmetric key you both agree on over the phone, or perhaps some public-key crypto. This way, you don't write any crypto code, and it's safer (not completely secure, mind you, but safer).

---

Edit: I'm still trying to decipher your requirements.

MD5 is an unkeyed hash function - there is not key in use at all. So let's say the server sends you a giant string, or a file, and a hash of it. You would then MD5 the string or file, and compare the hash you computed with the hash they sent. If they match - the data was not corrupted in transit . That doesn't mean no one tampered with what they sent you in transit, because MD5 has no "secret sauce" to it. I can md5 anything I want and send it to you.

A HMAC is a keyed hash function . It has a secret ingredient that only you and the group you're communicating with should know - the secret key. If they send you a long string or file, and a HMAC, you can compute the HMAC yourself, compare your HMAC and theirs, and if they match, the data was not corrupted in transit, nor was the data tampered with .

Answer 2

MD5 is a hash function and, strictly speaking, is not used to "encrypt" a string. It produces a 128-bit "Message Digest" (hence the MD in the name) that is used as a kind of fingerprint for the input string.

Answer 3

Tom's right: MD5 is just a one-way hash, you can't decrypt it. Try these links:

• Symmetric Key Encryption in C#
• Public-Key RSA Encryption in C#

Answer 4

You can use AES from C# to do the type of encryption you are looking for. Here's an article on how.

Answer 5

You should use one of the classes inherited from SymmetricAlgorithm , for instance :

• AesCryptoServiceProvider
• DESCryptoServiceProvider
• RC2CryptoServiceProvider
• TripleDESCryptoServiceProvider

Answer 6

So, why does the following test fail if both input strings are identical?

    [TestMethod]
    public void MD5HashTest()
    {
        var hash1 = (new MD5CryptoServiceProvider()).ComputeHash(new System.Text.ASCIIEncoding().GetBytes("now is the time for all good men."));
        var hash2 = (new MD5CryptoServiceProvider()).ComputeHash(new System.Text.ASCIIEncoding().GetBytes("now is the time for all good men."));

        Assert.AreEqual(hash1, hash2);
    }